General
Target: 9d4b9c3b9efd2291555a14c9b0527fc83c1291d426e7be13c04ddb3a656bba71
Size: 1.3MB
Sample: 231110-3np7waad51
MD5: d865b213268599bb70f575a2711f6a4d
SHA1: b4786a5d2c0634c0217b535f5b38e3089584c1d6
SHA256: 9d4b9c3b9efd2291555a14c9b0527fc83c1291d426e7be13c04ddb3a656bba71
SHA512: 3ff8ff558599e2da9ea008088f14822402c91f460fdd3ea6b0151982cff0c252ea1794b0d6598d762be089d43c370a47f6001980158a8f8d4ef75989b5992a2d
SSDEEP: 24576:yyOYBaKaeHIsZCgGMOkDPKKXksxPw4LB1tt32aHmqseGfhIQ/pvj/zTUVyJ:ZOYBYeoIjGAfdxI0BjkCvsPfHRvj/0
Static task: static1
Behavioral task: behavioral1
Sample: 9d4b9c3b9efd2291555a14c9b0527fc83c1291d426e7be13c04ddb3a656bba71.exe
Resource: win10-20231023-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
- Detect Mystic stealer payload
  Fires alongside the RedLine signatures below; only a RedLine config (botnet taiga, C2 5.42.92.51:19057) was extracted from this sample.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
  Typically seen when a process hollows or injects code into another process.
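The extracted config (C2 5.42.92.51:19057) and the behavioural signatures above are most useful when turned into host-side hunting logic. The following is an added example, not part of this report and not the sandbox's own code: it maps a few of the report's signatures (known sample hash, C2 connection, GeoID registry lookup, Run key write) onto a simplified Sysmon-like event schema and correlates hits per process, so that a single benign GeoID read or Run-key write does not alert on its own. The event schema, PIDs, image paths and the Run-key value name are constructed for illustration; the GeoID value path (HKCU\Control Panel\International\Geo\Nation) and the per-user Run key are standard Windows locations, not details taken from this report.

```python
from collections import defaultdict

# Indicators copied from the report: extracted RedLine C2 and the sample hash.
C2_HOST = "5.42.92.51"
C2_PORT = 19057
SAMPLE_SHA256 = "9d4b9c3b9efd2291555a14c9b0527fc83c1291d426e7be13c04ddb3a656bba71"

# Registry locations behind two of the behavioural signatures (standard
# Windows paths, not taken from the report): the GeoID value that the
# "Checks computer location settings" signature keys on, and the per-user
# autostart key behind "Adds Run key to start application".
GEO_NATION_KEY = r"hkcu\control panel\international\geo\nation"
RUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"


def _norm_key(path):
    """Normalise a registry path so hive aliases and case do not matter."""
    return path.replace("HKEY_CURRENT_USER", "HKCU").lower()


def classify(ev):
    """Return the report signature a single telemetry event matches, or None."""
    kind = ev.get("type")
    if kind == "process_create" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
        return "known_sample"
    if (kind == "network_connect" and ev.get("dst_ip") == C2_HOST
            and ev.get("dst_port") == C2_PORT):
        return "redline_c2"
    if kind == "registry_query" and _norm_key(ev.get("key", "")) == GEO_NATION_KEY:
        return "geofence_check"
    if kind == "registry_set" and _norm_key(ev.get("key", "")).startswith(RUN_KEY + "\\"):
        return "run_key_persistence"
    return None


def hunt(events, min_signatures=2):
    """Correlate per process: return PIDs that matched at least min_signatures
    distinct signatures. A lone GeoID read or Run-key write is common on a
    clean host; several of these behaviours from one process is not."""
    per_pid = defaultdict(set)
    for ev in events:
        sig = classify(ev)
        if sig is not None:
            per_pid[ev["pid"]].add(sig)
    return {pid: sorted(sigs) for pid, sigs in per_pid.items()
            if len(sigs) >= min_signatures}


# Constructed telemetry (simplified Sysmon-like records, made up for this
# example): PID 4120 plays the sample; 2208 and 3344 are benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120,
     "image": r"C:\Users\user\Downloads\9d4b9c3b9efd2291555a14c9b0527fc83c1291d426e7be13c04ddb3a656bba71.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "registry_query", "pid": 4120,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "registry_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "network_connect", "pid": 4120, "dst_ip": "5.42.92.51", "dst_port": 19057},
    {"type": "registry_query", "pid": 2208,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network_connect", "pid": 3344, "dst_ip": "203.0.113.10", "dst_port": 443},
]

if __name__ == "__main__":
    for pid, sigs in hunt(SAMPLE_EVENTS).items():
        print(pid, ", ".join(sigs))
```

Only PID 4120 is reported: it matches all four signatures, while PID 2208's GeoID read is filtered out by the per-process threshold and PID 3344 matches nothing. The "Suspicious use of SetThreadContext" signature is deliberately not modelled here because standard Sysmon does not log thread-context changes; that one needs EDR-level telemetry.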